By default, any modern Linux distribution will have IP Forwarding disabled. This is normally a good idea, as most people will not need IP Forwarding, but if we are setting up a Linux router/gateway, a VPN server (pptp or ipsec) or just a plain dial-in server, then we will need to enable forwarding. This can be done in several ways, which I will present below.

Check if IP Forwarding is enabled

We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:

Using sysctl:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

cat /proc/sys/net/ipv4/ip_forward
0

As we can see in both of the above examples, forwarding was disabled (as shown by the value 0).

Enable IP Forwarding on the fly

As with any sysctl kernel parameter, we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

The setting is changed instantly, but the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent, the best way to do it is using the file /etc/sysctl.conf, where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

If you already have an entry net.ipv4.ip_forward with the value 0, you can change it to 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf
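To tie the runtime check and the /etc/sysctl.conf setting together, the following added example (not part of the original article) reports whether the running value of net.ipv4.ip_forward matches what the configuration files will apply at the next boot or sysctl -p. It goes slightly beyond the text by accepting several sysctl-style files in the order given; the function names and state labels are made up for this example, and the demo input is constructed.

```shell
#!/bin/sh
# Added example: detect drift between the runtime ip_forward value and the
# value that sysctl configuration files will apply.

# Print the last value assigned to net.ipv4.ip_forward in the given
# sysctl.conf-style files (a later assignment overrides an earlier one).
# Prints "unset" when no readable file sets it.
persistent_ip_forward() {
    [ "$#" -gt 0 ] || { echo unset; return 0; }
    cat -- "$@" 2>/dev/null | awk '
        /^[ \t]*[#;]/ { next }               # comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)       # leading blanks and "-" (ignore-errors) prefix
            eq = index(line, "=")
            if (eq == 0) next                # blank or malformed line
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/\//, ".", key)             # net/ipv4/ip_forward is accepted too
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    '
}

# Print the runtime value. $1 is the path to read (a parameter so that the
# function can be exercised without touching the live system).
runtime_ip_forward() {
    cat -- "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null || echo unknown
}

# Classify the combination. Arguments: runtime value, persistent value.
ip_forward_state() {
    case "$1:$2" in
        0:0|0:unset) echo "off" ;;
        1:1)         echo "on-persistent" ;;
        1:0|1:unset) echo "on-runtime-only" ;;    # lost at reboot or sysctl -p
        0:1)         echo "off-until-reload" ;;   # turned on by next boot or sysctl -p
        *)           echo "unknown" ;;
    esac
}

# Demo on constructed input (nothing is read from or written to /etc or /proc).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' > "$demo_dir/sysctl.conf"
printf '%s\n' 'net/ipv4/ip_forward=1' > "$demo_dir/99-router.conf"
printf '0\n' > "$demo_dir/runtime"
persistent=$(persistent_ip_forward "$demo_dir/sysctl.conf" "$demo_dir/99-router.conf")
runtime=$(runtime_ip_forward "$demo_dir/runtime")
echo "runtime=$runtime persistent=$persistent state=$(ip_forward_state "$runtime" "$persistent")"
rm -rf "$demo_dir"
```

On a real host, call persistent_ip_forward /etc/sysctl.conf and runtime_ip_forward with no argument; an "on-runtime-only" result on a machine that is not meant to route is worth investigating.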

On RedHat based systems this is also enabled when restarting the network service:

1. Open a terminal.
2. Run su - if you are not the root user.
3. Use your favorite editor, such as vi.
4. Type vi /etc/hosts.deny
5. On the bottom line, type “ALL:ALL:deny” to restrict all daemon processes.
6. Save it.
7. Open “/etc/hosts.allow” with the vi editor.
8. On the bottom line, add “ALL:(some ip that you allow):allow” to allow anything from my IP address.
9. Save it.

Q I’m thinking of trying out Linux, but I can’t seem to find any information on anti-spyware programs for that operating system. Do you know where I can find such software?
I am prepared to pay for them as it’s not worth the risk otherwise, based on my experience with Windows.

A You’ll be pleased to hear that there’s a good reason why it’s so hard to find an anti-spyware program for Linux: the threat from spyware is far smaller when using Linux than when using Windows.
Because of the way Linux works, it’s far harder to create spyware that can get at your personal information. Also, because the number of Linux users is still relatively small, it makes more sense for spyware creators to concentrate on spyware for Windows, where they are likely to get a bigger response. The same goes for viruses on Linux – no-one has yet seen a true virus for it.

That’s not to say it can’t happen, and in the future it’s perfectly possible that both viruses and spyware will start to appear. For now, however, it’s safe to go without anti-spyware protection when using Linux. Anti-virus software is available for Linux such as the free version of AVG.
There are two good reasons for installing this. The first is that you will be prepared in case someone does release a virus for Linux, and the second is that it will prevent you from inadvertently sending a virus to a friend using Windows.

One thing you shouldn’t go without is a firewall, however. Most Linux distributions will include one as standard, but make sure it is switched on and active before using the internet. This will provide an excellent line of defense against all kinds of online threats.
It is also very important to update Linux just as you would run Windows Update. Most distributions come with a way of doing this automatically.

Apply the changes by saving the file and running the following commands:

cd /etc/mail
make all
/sbin/service sendmail restart

From this point on, every time an SMTP client connects to Sendmail, Sendmail will refer to the blacklist authorities you added to verify the client’s reputation. If the client is reported to have a shady reputation, Sendmail will hang up on him.

badblocks is a Linux utility that checks a disk drive for bad sectors. (A bad sector is a sector on a computer's disk drive or flash memory that cannot be used due to permanent damage or an OS inability to successfully access it.) It creates a list of these sectors that can be used with other programs, like mkfs, so that they are not used in the future and thus do not cause corruption of data. It is part of the e2fsprogs project.

It can be a good idea to periodically check for bad blocks. This is done with the badblocks command. It outputs a list of the numbers of all bad blocks it can find. This list can be fed to fsck to be recorded in the filesystem data structures so that the operating system won’t try to use the bad blocks for storing data. The following example will show how this could be done.

From the terminal, type the following command:

$ sudo badblocks -v /dev/hda1 > bad-blocks

The above command will generate the file bad-blocks in the current directory from where you are running this command.

Now, you can pass this file to the fsck command to record these bad blocks

Regular KDE 4 Packages and an openSUSE-based KDE Four Live CD have been available throughout the whole cycle, and final versions of them are also available now. On openSUSE 10.3 you can use 1-click-install to get the KDE 4.0 desktop environment.

Antivirus

Perhaps the ultimate definition of computer security is the effectiveness of your antivirus. Antivirus software keeps the most problematic forms of malware from corrupting your computer.

* Clam AntiVirus – Extremely popular antivirus solution for UNIX based machines. Includes real time virus scanning and a virus definition database updated multiple times per day.
* AVScan – A front-end for Clam AntiVirus.
* AVG Anti-Virus – Effective virus scanning suite. Requires regular virus definition updates.
* Avast Home Edition – Complete antivirus suite including real time scanning, email protection, internet traffic filtering, a firewall and more.
* Housecall – Web based scanner that detects and removes viruses, worms, trojans and spyware. Also points out system vulnerabilities and offers advice on obtaining security patches.
* Symantec Security Check – Simple antivirus solution that searches your computer for various forms of malware and deletes them. Offers a secondary scan to measure the vulnerability of your computer.

Rootkit

Rootkits are about the nastiest forms of malware around. To keep your computer (and your privacy) safe, you’ll need an app to scan for rootkits.

* chkrootkit – The definitive solution for finding and removing rootkits from Linux machines.

Firewall

A well regarded firewall with a strict rule set is the first line of defense against intruders. Keep hackers from sneaking malware onto your system in the first place with these freebie firewall solutions.

* Firestarter – Real time firewall that monitors all of the open ports and active network connections on your computer. Allows you to specify a very strict rule set.
* Firewall Builder – Useful tool for assembling a firewall rule set or policy for popular UNIX based firewalls including iptables, ipfilter, etc.
* TuxGuardian – Verifies the integrity of applications trying to gain access to the network. Useful for preventing viruses, trojans, spyware, etc. from spreading throughout the network.
* HardWall Firewall – Iptables based script that performs detailed packet inspection and filtering to keep your computer free from malicious traffic.
* BullDog – Complex firewall for advanced users.
* PeerGuardian – Blocks IPs from accessing your network. Especially useful for protecting your privacy when using peer to peer software.

Email Security

* Thunderbird – Highly customizable secure email client. Comes equipped with spam email filters, phishing protection and encryption capabilities.
* Smart sendmail filters – A collection of tools to block and filter sendmail spam as well as scan attachments for viruses.
* Sagator – An interface for the postfix, sendmail and other smtpd gateways that run popular antivirus and antispam solutions.
* Tiger Envelopes – Encrypts email messages. Integrates into Outlook, Thunderbird, Mac Mail and KMail.

Web Utility

Malware infestation is probably the most annoying aspect of surfing the internet. It starts by accidentally downloading a toolbar here, failing to read a EULA there, and eventually your whole computer is one big slow piece of junk. To prevent this from happening (again) try using these apps when surfing.

* Tor – Uses a network of virtual tunnels to provide anonymity for surfing the internet and transferring files over a network.
* Firefox – A fan favorite browser for its secure architecture and available add-ons. Uses SSL browsing by default.
* WebCleaner – Allows you to control the type of data your proxy parses. Useful for eliminating dangerous malware and removing annoying popup ads.
* McAfee Site Advisor – Rates websites by their ability to infect your computer with malware. Advises you if a site is safe or not.

Network

With an insecure network not only will you be vulnerable to the perils of the internet, everyone connected to your network will too. Meaning instead of having one computer down due to a nasty virus, you could have hundreds. These freebie apps will help you manage the challenge of keeping your network safe.

* SmoothWall – Firewall, IDS and VPN system for home users and networks.
* Nagios – Comprehensive web based tool equipped with virtually every imaginable feature for knowing exactly what’s going on in your network.
* Nessus – Industry leading open source network vulnerability scanner. Highly scalable and very thorough.
* Wireshark – Powerful tool for capturing network protocol data for analysis. Contains more than 25 methods for reading packets making it useful for a wide array of networks.

Virtual Private Network

VPN usage has exploded the past few years due to its new found ease of use and high level of security.

* SSL-Explorer – Highly scalable VPN that integrates directly into your browser. Requires only a single open port to work.
* OpenVPN – Popular VPN solution specializing in remote access.
* strongSwan – IPsec based VPN using multiple encryption methods.

Encryption

Encryption is a must for the most sensitive types of data. After all, we all know what happens when a password or credit card number winds up in the wrong person’s hands. That’s why we recommend you check out a few of the following encryption apps.

* GNU Privacy Guard – A command line based encryption tool using multiple encryption algorithms including OpenPGP, AES, SHA-1, and more.
* TrueCrypt – Creates virtual encrypted drives.

Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.

Xfce embodies the traditional UNIX philosophy of modularity and re-usability. It consists of a number of components that provide the full functionality one can expect of a modern desktop environment. They are packaged separately and you can pick among the available packages to create the optimal personal working environment.

Another priority of Xfce is adherence to standards, specifically those defined at freedesktop.org.

Xfce can be installed on several UNIX platforms. It is known to compile on Linux, NetBSD, FreeBSD, OpenBSD, Solaris, Cygwin and MacOS X, on x86, PPC, Sparc, Alpha...

Paste this command into a terminal:

sudo aptitude update && sudo aptitude install xubuntu-desktop

To use Xfce after you’ve installed it:
1) Log out
2) Under “Session”, select “Xfce”
3) Log back in again.

DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.
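The per-host counting described above can be illustrated with a short shell and awk script that also prints the hosts.deny lines a tool of this kind would add. This is an added example, not DenyHosts code: the log lines are constructed, the function names and the threshold of 3 are assumptions, and only the OpenSSH "Failed password" message is matched.

```shell
#!/bin/sh
# Added example (not DenyHosts code): count failed sshd logins per host.

# Write a constructed sample log to the path given in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:14:07 gw sshd[2211]: Failed password for root from 203.0.113.7 port 4022 ssh2
Jan 10 03:14:09 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Jan 10 03:14:12 gw sshd[2215]: Failed password for invalid user root from 192.0.2.1 from 203.0.113.7 port 4024 ssh2
Jan 10 03:15:01 gw sshd[2290]: Accepted password for alice from 198.51.100.20 port 5100 ssh2
Jan 10 03:15:30 gw sshd[2301]: Failed password for alice from 198.51.100.20 port 5101 ssh2
EOF
}

# Print "count host users" per source host, most active first.
failed_logins_by_host() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / {
            # Take the address from the fixed tail "from HOST port N ssh2".
            # The user name is text chosen by the client and may itself
            # contain " from 192.0.2.1" (third sample line), so the first
            # "from" on the line must not be trusted.
            if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
            host = $(NF-3)
            if (host !~ /^[0-9A-Fa-f:.]+$/) next    # literal IP addresses only
            user = $0
            sub(/^.*\]: Failed password for (invalid user )?/, "", user)
            sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", user)
            count[host]++
            if (!seen[host, user]++) users[host] = users[host] (users[host] == "" ? "" : ",") user
        }
        END { for (h in count) print count[h], h, users[h] }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print hosts.deny lines for hosts at or above the threshold ($2, default 3).
hosts_deny_entries() {
    failed_logins_by_host "$1" |
        awk -v min="${2:-3}" '$1 >= min { print "sshd: " $2 }'
}

# Demo on the constructed log; /etc/hosts.deny is not modified.
sample=$(mktemp)
write_sample_log "$sample"
failed_logins_by_host "$sample"
hosts_deny_entries "$sample" 3
rm -f "$sample"
```

The third sample line shows why the address is read from the end of the message: a parser that stops at the first "from" would count, and block, an address the client typed into the user name field.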

Additionally, upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host. An email report can be sent to a system admin.

Installation:
You will need to run DenyHosts as root (in order for DenyHosts to update /etc/hosts.deny and read entries from /var/log), so you first must become root. Once you have either logged in as root (or used su - root, for instance) you can then run the following command:

# crontab -e

The above command will launch the crontab editor. To launch DenyHosts every 20 minutes you would then add the following line to the crontab:

You will need to substitute your site-specific paths above. As an example, if you installed DenyHosts in /usr/local/etc and maintain your configuration file there as well, then the following crontab entry would be appropriate:

Ever wondered how to forward your mail, especially if you are a webmaster managing a number of sites? You might need to forward any email sent to your primary email address. It's that easy: just create a .forward file in your home directory and insert a list of the email addresses, separated by commas, to which you want the mail forwarded.

Commercial databases such as Oracle and IBM DB2 can maximize performance by using raw I/O. One may use the raw command for both IDE and SCSI devices. This will map a raw device to a block device for an entire disk partition. To see if your system is using raw I/O, issue the command: raw -a

* Configuration file: /etc/sysconfig/rawdevices
  Add entries to this file to invoke raw I/O upon system boot.
* Devices: /dev/raw/raw??
* Raw device controller: /dev/rawctl
* Sample use of command: raw /dev/raw/raw1 /dev/hdb5
* One must be of group disk to use the raw device or change permissions:

chmod a+r /dev/rawctl
chmod a+r /dev/hdb5
chmod a+rw /dev/raw/raw1

Note: The above information applies to Red Hat distributions. This info may be different for other distributions, i.e. S.U.S.E. uses /dev/raw1 as a device and /dev/raw as the controller. You can mimic Red Hat behavior with a symbolic link: ln -s /dev/your_raw_controller /dev/rawctl

Title: "Iptables-tutorial"
Author: Oskar Andreasson.
URL: http://iptables-tutorial.frozentux.net
Keywords: iptables, netfilter, firewalls.
Description: The aim of the iptables-tutorial is to explain iptables in a complete and simple way. It contains information on all the currently available matches and targets (in kernel), as well as complete example scripts and explanations. It contains a complete section on iptables syntax, as well as other interesting commands such as iptables-save and iptables-restore.

Title: "Ipsysctl-tutorial"
Author: Oskar Andreasson.
URL: http://ipsysctl-tutorial.frozentux.net
Keywords: IP sysctl, ipsysctl, firewalls, Interface reference, sysctl/proc basics.
Description: This document aims at giving more in depth explanations about the different ipsysctl calls available in the Linux kernel.

Title: "Linux as a Case Study: Its Extracted Software Architecture"
Author: Ivan T. Bowman, Richard C. Holt and Neil V. Brewster.
URL: http://plg.uwaterloo.ca/~itbowman/papers/linuxcase.html
Keywords: software architecture, architecture recovery, redocumentation.
Description: Paper appeared at ICSE'99, Los Angeles, May 16-22, 1999. A mixture of the previous two documents from the same author.

Title: "Overview of the Virtual File System"
Author: Richard Gooch.
URL: http://www.atnf.csiro.au/~rgooch/linux/vfs.txt
Keywords: VFS, File System, mounting filesystems, opening files, dentries, dcache.
Description: Brief introduction to the Linux Virtual File System. What is it, how it works, operations taken when opening a file or mounting a file system and description of important data structures explaining the purpose of each of their entries.

Title: "Dissecting Interrupts and Browsing DMA"
Author: Alessandro Rubini and Georg v. Zezschwitz.
URL: http://www.linuxjournal.com/article.php?sid=1222
Keywords: interrupts, irqs, DMA, bottom halves, task queues.
Description: Linux Journal Kernel Korner article. Here is its abstract: "This is the fourth in a series of articles about writing character device drivers as loadable kernel modules. This month, we further investigate the field of interrupt handling. Though it is conceptually simple, practical limitations and constraints make this an ``interesting'' part of device driver writing, and several different facilities have been provided for different situations. We also investigate the complex topic of DMA".

Title: "The Venus kernel interface"
Author: Peter J. Braam.
URL: http://www.coda.cs.cmu.edu/doc/html/kernel-venus-protocol.html
Keywords: coda, filesystem, venus, cache manager.
Description: "This document describes the communication between Venus and kernel level file system code needed for the operation of the Coda filesystem. This version document is meant to describe the current interface (version 1.0) as well as improvements we envisage".

Title: "Programming PCI-Devices under Linux"
Author: Claus Schroeter.
URL: ftp://ftp.llp.fu-berlin.de/pub/linux/LINUX-LAB/whitepapers/pcip.ps.gz
Keywords: PCI, device, busmastering.
Description: 6-page tutorial on PCI programming under Linux. Gives the basic concepts on the architecture of the PCI subsystem, as well as basic functions and macros to read/write the devices and perform busmastering.

Title: "I/O Event Handling Under Linux"
Author: Richard Gooch.
URL: http://www.atnf.csiro.au/~rgooch/linux/docs/io-events.html
Keywords: IO, I/O, select(2), poll(2), FDs, aio_read(2), readiness event queues.
Description: From the Introduction: "I/O Event handling is about how your Operating System allows you to manage a large number of open files (file descriptors in UNIX/POSIX, or FDs) in your application. You want the OS to notify you when FDs become active (have data ready to be read or are ready for writing). Ideally you want a mechanism that is scalable. This means a large number of inactive FDs cost very little in memory and CPU time to manage".

Title: "Programming Guide for Linux USB Device Drivers"
Author: Detlef Fliegl.
URL: http://usb.in.tum.de/usbdoc/
Keywords: USB, universal serial bus.
Description: A must-read. From the Preface: "This document should give detailed information about the current state of the USB subsystem and its API for USB device drivers. The first section will deal with the basics of USB devices. You will learn about different types of devices and their properties. Going into detail you will see how USB devices communicate on the bus. The second section gives an overview of the Linux USB subsystem [2] and the device driver framework. Then the API and its data structures will be explained step by step. The last section of this document contains a reference of all API calls and their return codes".
Notes: Beware: the main page states: "This document may not be published, printed or used in excerpts without explicit permission of the author". Fortunately, it may still be read...

Title: "Linux Kernel Mailing List Glossary"
Author: John Levon.
URL: http://www.movement.uklinux.net/glossary.html
Keywords: glossary, terms, linux-kernel.
Description: From the introduction: "This glossary is intended as a brief description of some of the acronyms and terms you may hear during discussion of the Linux kernel".

Title: "Linux Kernel Locking HOWTO"
Author: Various Talented People, and Rusty.
URL: http://netfilter.kernelnotes.org/unreliable-guides/kernel-locking-HOWTO.html
Keywords: locks, locking, spinlock, semaphore, atomic, race condition, bottom halves, tasklets, softirqs.
Description: The title says it all: document describing the locking system in the Linux Kernel either in uniprocessor or SMP systems.
Notes: "It was originally written for the later (>2.3.47) 2.3 kernels, but most of it applies to 2.2 too; 2.0 is slightly different". Freely redistributable under the conditions of the GNU General Public License.

Title: "Global spinlock list and usage"
Author: Rick Lindsley.
URL: http://lse.sourceforge.net/lockhier/global-spin-lock
Keywords: spinlock.
Description: This is an attempt to document both the existence and usage of the spinlocks in the Linux 2.4.5 kernel. Comprehensive list of spinlocks showing when they are used, which functions access them, how each lock is acquired, under what conditions it is held, whether interrupts can occur or not while it is held...

Title: "How To Make Sure Your Driver Will Work On The Power Macintosh"
Author: Paul Mackerras.
URL: http://www.linux-mag.com/1999-07/gear_01.html
Keywords: Mac, Power Macintosh, porting, drivers, compatibility.
Description: The title says it all.

Title: "Linux IP Networking. A Guide to the Implementation and Modification of the Linux Protocol Stack."
Author: Glenn Herrin.
URL: http://www.cs.unh.edu/cnrg/gherrin
Keywords: network, networking, protocol, IP, UDP, TCP, connection, socket, receiving, transmitting, forwarding, routing, packets, modules, /proc, sk_buff, FIB, tags.
Description: Excellent paper devoted to the Linux IP Networking, explaining anything from the kernel's to the user space configuration tools' code. Very good to get a general overview of the kernel networking implementation and understand all steps packets follow from the time they are received at the network device till they are delivered to applications. The studied kernel code is from 2.2.14 version. Provides code for a working packet dropper example.

Title: "(nearly) Complete Linux Loadable Kernel Modules. The definitive guide for hackers, virus coders and system administrators."
Author: pragmatic/THC.
URL: http://packetstormsecurity.org/docs/hack/LKM_HACKING.html
Keywords: syscalls, intercept, hide, abuse, symbol table.
Description: Interesting paper on how to abuse the Linux kernel in order to intercept and modify syscalls, make files/directories/processes invisible, become root, hijack ttys, write kernel modules based virus... and solutions for admins to avoid all those abuses.
Notes: For 2.0.x kernels. Gives guidance on porting it to 2.2.x kernels.

Title: "The Linux Kernel Hackers' Guide"
Author: Michael K.Johnson and others.
URL: http://en.tldp.org/LDP/khg/HyperNews/get/khg.html
Keywords: everything!
Description: Probably, too old to be useful... Many people have contributed. The interface is similar to web available mailing lists archives. You can find some articles and then some mails asking questions about them and/or complementing previous contributions. A little bit anarchic in this aspect, but with some valuable information in some cases.